Devices are everywhere. From sensors in water pipes and security tools that protect homes to telematics boxes and health monitoring wearables, mobile technology has revolutionised the transfer of data - and insurance.
As the IoT (Internet of Things) continues to mushroom, the insurtech industry is flourishing.
Providers are becoming increasingly smart in the ways they capture and use data, creating bespoke products and services that support their customer-centric models.
Reports suggest that better use of data and connected devices could lower the cost of premiums for insurers by almost a third, while data analytics collected through the IoT enables a far more accurate risk assessment process.
Some insurance sectors are ahead of the pack. Telematics is leading the way in terms of real-time data collection and analytics - an aspect that is transforming the car insurance market. Meanwhile, many progressive health insurance providers are relying on wearable devices to incentivise customers by lowering the premiums for those that adopt healthier lifestyles.
A matter of trust
June Quah, assistant VP, Integrated Analytics at Munich Re, says insurers must not only demonstrate the use of the collected data to customers by lowering premiums and providing better products, but they must also foster an environment of trust.
“Adopting a wearables-based programme should be transparent about privacy, including what information is captured, stored and shared, and how the data is used,” states Quah. “It goes without saying that insurers must obtain consent and the appropriate authorisation from their customers before accessing their personal information.”
Quah points out that customers understand the value of data and can be apprehensive about sharing personal information. This is because wearable technology particularly transmits biometric data similar to that person’s medical history. “Insurers have a long history of using sensitive personal medical information while maintaining the highest standards for confidentiality and security.”
She adds, “We must demonstrate the value of wearable data using sound actuarial principles and expected experience in order to keep consumers’ trust.”
Risk and real-time
Real-time data is the ultimate win for insurers - and the demand for it is fuelling the IoT device industry. Real-time data allows insurance companies to identify and remediate risks. For example, a wearable device could be used in the workplace to identify if a worker is wearing protective equipment or not.
In the P&C sector, such technology (installed rather than worn) can detect a pipe leaking and can send instructions to shut off the water before damage to property occurs. Beyond risk management, the data from connected devices helps insurers create differentiated products and services, including more equitable premiums for safer customers, usage-based coverage, tailored risk intervention programmes and improved claims handling.
Accuracy, real-time data and AI
Shawn Tan, CEO of Skymind, a technology company that specialises in building AI ecosystems, says the greatest shift in the insurtech space has been the developments in risk assessment. These have improved the accuracy of claims projections and helped enhance customer products and experiences. He says, “Connected devices and massive real-time data streams will not only allow insurers to accurately predict potential losses but also alert customers of potential loss.”
Tan refers specifically to auto insurers that historically used agents reliant on indirect indicators like age, address, and creditworthiness of a driver. “With the introduction of IoT, data on driver behaviour and the use of a vehicle, such as how fast it is driven and how often it is driven at night, is immediately available,” the picture insurers receive on customers is incredibly accurate, he points out.
As the basic insurance business model is based on the ability of the insurance provider to assess risk, advanced technologies have driven the market forwards.
Tan says, “Data from connected IoT devices allows insurers to understand their customers on a deeper level. This helps insurers in creating products that will tackle specific issues their customers are facing and drives strategic initiatives.”
Data collection and regulation
But with the vast oceans of data being collected and stored, the question of ethically handling it, using it, and keeping it safe are elements that need to be confronted. With more data collection devices in operation than ever before, regulations must be water-tight.
Tan says personal data has become “the lifeblood of insurance services,” as only comprehensive and accurate information about clients allows companies to provide viable and sustainable offerings.
He points out that to secure personal data against misuse, insurance providers are obliged to follow data protection requirements and face strict penalties for non-compliance. Although, this depends on the type of sensitive data collected and processed in order to provide insurance services.
Data gravity and analytics
While more data from connected devices should equal better analytics, too much of a good thing is problematic. Data gravity refers to a situation where the sheer volume of information that is collected is so vast that it becomes unmanageable and ends up largely being unused - and therefore creating more expense for insurers.
“Data Gravity is a common problem,” says Tan, who explains that proper data storage requires back ups, GDPR compliance,
access controls (controlling who uses what data for what purpose) and local compliance (ensuring that your data is being used in accordance with laws relevant to a place of business as well as the customer).
In the insurance industry, data is usually managed by a range of vendors and in-house teams, with processes ranging from having multiple places to store the data (reducing vendor lock-in) in case a database fails and having off-site backups.
Tan says, “Increasingly, these solutions are becoming harder to maintain for companies, and many are increasingly looking to managed storage providers to handle the requirements.”
And technology is finding solutions to the problem. Data that is no longer required by the customer may be archived or used in different pattern recognition software employed by the insurer, Tan says. “This is often done through anonymised demographics to preserve privacy while allowing the insurance company to update their policies to reflect the typical risk of a given customer profile.”
Connectivity has transformed the insurtech space. However, this creates vulnerabilities too. In the event of a service disruption, customer transactions, claims, and data may be lost, delayed and potentially cost millions. Meeri Rebane, CEO and co-founder of INZMO - the Berlin-based insurtech/fintech, says that because connectivity is increasing and better business practices and customer communications are so reliant on it, insurtechs are future-proofing themselves against technical disruptions by investing in new technologies.
“I believe that it is inevitable that companies will start making smarter investments in their digital technologies, and the most fundamental part of that is everything related to transitioning to the cloud.”
New tools that can help web-scale companies are now dominating the marketplace. These tools can process huge amounts of data quickly, run software on any infrastructure and make the most efficient use of resources.
She explains, “Disruptive technologies such as AI and blockchain, along with new and agile upstarts coming into the market using cheaper and more efficient and effective platforms, can also prompt companies to consider scenario planning.”
Rebane adds, “The data is then used to inform insurtechs of the impact such developments and changes in consumer tastes as well as the effects regulatory trends may have on their business if they fail to adapt to changing circumstances.”
Personal data compliance
Insurtechs must already comply with the following regulations to keep collected information secure.
- The General Data Protection Regulation (GDPR) aims to secure the personal information of European Union residents. Insurers that provide services to EU residents must comply with GDPR requirements regardless of where their businesses are registered and where business activity occurs.
- The California Consumer Privacy Act (CCPA) stateside controls the collection, use, and sale of personal information of California residents. Insurance companies operating in California are subject to CCPA regulations, which include disclosure obligations and requirements related to consumer privacy rights.
- The Health Insurance Portability and Accountability Act (HIPAA) regulates health data in the US. This act aims to prevent fraud and abuse of personal healthcare data. US insurance providers dealing with medical records are required to protect sensitive data in compliance with HIPAA requirements.
- The Gramm–Leach–Bliley Act (GLBA) is a US federal law that requires insurance companies to explain their information-sharing practices to customers and to protect customers’ sensitive data. It also obliges insurers to track employee’s activities, especially those that relate to accessing protected customers’ records.
- The Sarbanes–Oxley Act (SOX) aims to make the activity of US insurance organisations more transparent and secure. It also prevents fraudulent actions and protects financial records. To meet SOX requirements, insurance organisations have to document every communication and financial operation.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that guarantee the security of credit card processing. Insurance providers around the world must be PCI DSS compliant as soon as they accept credit cards or store information about them (such as for payment of insurance policy premiums).